kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-09 09:26:54 +00:00

Author	SHA1	Message	Date
Matt Veitas	5ef7581c5c	[Bug] [CLI] Restore warn-exit-code functionality for apply command (#9828 ) * Restore warn-exite-code functionality for apply command Signed-off-by: Matt Veitas <mveitas@gmail.com> * Nove error handling Signed-off-by: Matt Veitas <mveitas@gmail.com> * Uncomment println statement Signed-off-by: Matt Veitas <mveitas@gmail.com> * Fixing linting Signed-off-by: Matt Veitas <mveitas@gmail.com> * Adding conformance tets for cli apply command with warn-exit-code Signed-off-by: Matt Veitas <mveitas@gmail.com> * Update path to kubectl-kyverno binary Signed-off-by: Matt Veitas <mveitas@gmail.com> * Add prepare-cli as needed dependency Signed-off-by: Matt Veitas <mveitas@gmail.com> * feat: install kubectl-kyverno in standard conformance tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: update chainsaw config Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: move CLI chainsaw tests to a separate action Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: CLI path Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: name Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: add chainsaw flag '--no-cluster' Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: CLI name Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Matt Veitas <mveitas@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: shuting <shuting@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com>	2024-02-29 13:08:21 +00:00
Mariam Fahmy	07a6bf42f5	fix: add podSecurity validation checks for exceptions (#9817 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-02-28 08:21:10 +00:00
Mariam Fahmy	019fcaf377	fix: remove unnecessary podSecurity chainsaw test (#9791 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-02-26 14:23:34 +08:00
Charles-Edouard Brétéché	4bb550d052	chore: move chainsaw config at the root of the repo (#9768 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-24 09:54:53 +00:00
Khaled Emara	2b2587469d	feat: enhance global context (#9710 ) * feat(globalcontext): add event handling Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * feat(globalcontext): handle cache sync error Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * feat(globalcontext): ensure api is called during init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(events): decouple events from policies a bit Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * feat(globalcontext): use status Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): make status optional Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): status update Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): codegen Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): delete yaml annotations Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): fix status in tests Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcotext): update enqueue func Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): error Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): rbac Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): retry logic Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): unknown api call in test Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * bump Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix: set unique name for each testing resource Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: update readme Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: log msg Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: add delays Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: delay gctce creation Signed-off-by: ShutingZhao <shuting@nirmata.com> * debug: check Kyverno status Signed-off-by: ShutingZhao <shuting@nirmata.com> * debug: update chainsaw config Signed-off-by: ShutingZhao <shuting@nirmata.com> * debug: revert chainsaw config Signed-off-by: ShutingZhao <shuting@nirmata.com> * test(globalcontext): print actual status Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): add necessary delays and check status before applying Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(globalcontext): long refreshInterval Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: log success Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: print informer data Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): use client instead of informer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: print status after update Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: print ResourceVersion Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: remove gcecontroller from other controllers Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): update status only once Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore: remove excess logs Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): add store to cleanup controller Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-23 10:34:04 +00:00
Mariam Fahmy	956b403c7e	fix: add validation check for podSecurity subrule (#9770 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-02-23 15:16:53 +08:00
mohamedasifs123	d566e9886c	Fix :variables are not getting processed in validation message for "anyPattern" (#9713 ) * Update validate_resource.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Create pod.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Create chainsaw-test.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Create policy.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update validate_resource.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update chainsaw-test.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Create README.md Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/chainsaw-test.yaml Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/variable-substitution-failure-messages/README.md Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> --------- Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com>	2024-02-21 07:20:43 +00:00
mohamedasifs123	66f54d8fd6	fix: Policies skipped because of preconditions not met should not be included in admission requests denial responses (#9719 ) * Update block.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update block.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * lint Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update block.go Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test added Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * test Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * --signoff Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Create README.md Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Rename Policy1.yaml to policy-1.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/README.md Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/README.md Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update test/conformance/chainsaw/validate/clusterpolicy/cornercases/check-message-upon-resource-failure/chainsaw-test.yaml Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Rename Policy2.yaml to policy-2.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> * Update chainsaw-test.yaml Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> --------- Signed-off-by: mohamedasifs123 <142201466+mohamedasifs123@users.noreply.github.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-02-20 15:42:18 +00:00
Khaled Emara	10258921ac	feat(validation-webhook): validate global context reference (#9678 ) * feat(validation-webhook): validate global context reference Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(validation-webhook): global reference name Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(globalcontext): fix tests after valdiation Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(policycache): dont add NotReady Policies Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): rename e2e tests Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): add entry errors Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(globalcontext): fix chainsaw test Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-02-08 07:46:58 +00:00
Suruchi Kumari	704c6722ec	[Bug] Fix message and formatting of podSecurity validation failure with restrictedField (#9658 ) * fix format Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com> * fix test Signed-off-by: GitHub <noreply@github.com> --------- Signed-off-by: Suruchi Kumari <suruchikumarimfp4@gmail.com> Signed-off-by: GitHub <noreply@github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-08 12:16:23 +08:00
Mariam Fahmy	c815e9bb8f	feat: add chainsaw tests for exceptions (#9672 ) * feat: add chainsaw tests for exceptions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix test Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-07 17:58:41 +08:00
Mariam Fahmy	6c9fdaf52b	feat: add chainsaw test for policy webhook based configuration (#9645 ) * feat: add chainsaw test for policy webhook based configuration Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-06 18:05:45 +00:00
Khaled Emara	1eda4789d1	test(globalcontext): add e2e tests (#9661 ) * fix(globalcontext): validation Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): use existence instead of ready for now Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): improve not ready error message Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): allow any APICall Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): prevent double marshal Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(globalcontext): add e2e tests Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): move vaildation to OpenAPI V3 Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-02-06 17:03:32 +00:00
Mariam Fahmy	ace5b59003	feat: add chainsaw tests for pod security in exceptions (#9667 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-02-06 13:07:58 +00:00
Mariam Fahmy	90ac90b89f	feat: use the check block for checking CLI output in chainsaw tests (#9616 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-02-05 14:59:19 +00:00
Charles-Edouard Brétéché	f529ff9b85	fix: global context validation (#9643 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-05 13:56:44 +00:00
Vishal Choudhary	b5b925bf78	feat: add chainsaw tests for global context crd validation (#9628 ) * feat: add chainsaw tests for global context crd validation Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add globalcontext to standard conformance action Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: overlapping names Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-02-04 18:15:55 +01:00
Mariam Fahmy	3510998d4f	feat: Support CEL expression warnings (#9566 ) * feat: support CEL expression warnings Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: allow the policy creation but return warnings to the API server Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com>	2024-02-02 10:04:02 +00:00
shuting	5f0d53fe34	feat: apply `.matchConditions` when generating reports (#9599 ) * enable matchconditions for reports Signed-off-by: ShutingZhao <shuting@nirmata.com> * update Signed-off-by: ShutingZhao <shuting@nirmata.com> * add chainsaw tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter issues Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: move files Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-02-02 08:32:28 +00:00
Charles-Edouard Brétéché	8d528675de	chore: enable chainsaw fail fast (#9606 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-01 17:30:21 +00:00
shuting	273a0a52f9	chore: add chainsaw tests for policy based webhook configuration (#9561 ) * add chainsaw tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add chainsaw tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * update policy Signed-off-by: ShutingZhao <shuting@nirmata.com> * add delay Signed-off-by: ShutingZhao <shuting@nirmata.com> * add debug steps Signed-off-by: ShutingZhao <shuting@nirmata.com> * attempt fix Signed-off-by: ShutingZhao <shuting@nirmata.com> * attempt fix Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-01-31 16:44:01 +00:00
Anushka Mittal	cfc9683033	Changes to dynamically configure webhooks (#8437 ) * Changes to dynamically configure webhooks Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Add unit tests Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Add kuttl tests Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Refactoring Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Correct unit test Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Change way of webhooks configured Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Correct tests with new changes Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Add delete operation by default Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Correct tests with new changes Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Correct order for operations Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Add corrections Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Add mutatingwebhookconfiguration test Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Correct unit test Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Added policy.yaml in mutate webhook test Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Add corrections in kuttl test and code Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Change name of test Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Changes to update webhooks manifest Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Add corrections for dynamic-op-mutate kuttl test Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Add minor changes; remove unnecessary file Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Correct adding operations for MutatingWebhookConf Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * dynamic op mutate and validate added Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Resolve conflicts Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Filter rules for mutatingwebhookconf correctly Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * replace TestStep with Test in chainsaw tests Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * converted to new chainsaw-test format Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * minor corrections Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * remove isMutationEmpty() Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * initial changes for dynamic opn enhancements Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * rename variables Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * resolve lint errors Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * refactor code Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * add changes for exclude operations Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * add conformance tests Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * add unit tests Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * corrections in conformance tests Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * modification in unit tests Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * correction in conformance tests Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Update .vscode/launch.json Signed-off-by: shuting <shuting@nirmata.com> * update variable usage Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * remove testresults Signed-off-by: anushkamittal2001 <anushka@nirmata.com> --------- Signed-off-by: anushkamittal2001 <anushka@nirmata.com> Signed-off-by: shuting <shuting@nirmata.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2024-01-31 15:46:53 +00:00
shuting	635f160ae0	feat (generate): add `orphanDownstreamOnPolicyDelete` to preserve downstream on policy deletion (#9579 ) * add chainsaw tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add .orphanDownstreamOnPolicyDelete Signed-off-by: ShutingZhao <shuting@nirmata.com> * update codegen Signed-off-by: ShutingZhao <shuting@nirmata.com> * update docs Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-01-31 13:50:38 +02:00
Vishal Choudhary	82b65aebc4	feat: add fail/warn on deprecated/invalid operators (#8624 ) * feat: add fail/warn on deprecated/invalid operators Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: nested for each Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: chainsaw-test.yaml Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-01-31 08:40:28 +00:00
Charles-Edouard Brétéché	2b824be667	fix: omit events flag (#9572 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-30 23:41:13 +00:00
Charles-Edouard Brétéché	9102753323	fix: make alternate reports storage transparent (#9553 ) * fix: make alternate reports storage transparent Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bg scan Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rm manager Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-30 14:53:37 +00:00
Liang Deng	8298a9a858	fix: validate pattern premature skip (#9155 ) Signed-off-by: Liang Deng <283304489@qq.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-01-29 13:06:39 +00:00
Mariam Fahmy	9ed14cb779	feat: support vap bindings in reports (#9506 ) * feat: support vap bindings in reports Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: add binding to the rule response Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * add chainsaw test Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix lint Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix chainsaw Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * add chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-29 12:49:17 +01:00
Charles-Edouard Brétéché	90cff77300	fix: CRDs codegen (#9542 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-29 09:45:52 +00:00
Charles-Edouard Brétéché	6a41c813fa	chore: remove reference to kuttl (#9539 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-27 23:01:32 +00:00
Mariam Fahmy	f01f0d6dc4	feat: support podSecurity exclusion in exceptions (#9343 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-26 18:43:07 +00:00
Florian Hopfensperger	8781a38849	feat: configure webhook scope based on resource and policy type (#8065 ) * feat: configure webhook scope based on policy type Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de> * Update pkg/controllers/webhook/controller.go Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: shuting <shuting@nirmata.com> * feat: configure webhook scope based on resource type Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de> * review comments Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de> * sorting of webhooks Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de> * Update pkg/controllers/webhook/utils.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix imports Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de> --------- Signed-off-by: Florian Hopfensperger <florian.hopfensperger@allianz.de> Signed-off-by: shuting <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-26 15:07:42 +00:00
Vishal Choudhary	e6c39f31a5	feat: add a new API group `reports.kyverno.io` (#9521 ) * feat: add new report interface Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: reports.kyverno.io/v1 apigroup Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: codegen Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add report manager Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add reports manager to reports controller Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add alternateReportStorage to helm chart Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: report utils deepcopy Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * init flag Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: wrong return value Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-26 13:40:29 +00:00
Vishal Choudhary	87c7ce254a	feat: add skipImageReferences in verify images (#8633 ) * feat: add skipImageReferences in verify images Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: chainsaw tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: chainsaw-test.yaml Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: typo in assert Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-23 12:27:39 +00:00
Vishal Choudhary	a0afda4f0a	fix: allow multiple keys in verifyImages.attestations.attestors.entries (#8880 ) * fix: allow multiple keys in verifyImages.attestations.attestors.entries Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-01-22 06:49:22 +00:00
Mariam Fahmy	560aab2e69	fix PSA chainsaw tests (#9389 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-18 23:23:52 +00:00
Mariam Fahmy	a791d9ac35	feat: skip generating VAP when an exception is defined (#9386 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-18 15:55:27 +00:00
Mariam Fahmy	f0564b3019	feat: re-evaluate policy exceptions for existing resources and modify reports accordingly (#8659 ) * feat: re-evaluate policy exceptions for existing resources and modify reports accordingly Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: use v2 of exceptions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix chainsaw test Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: use properties in the reports result Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-17 10:00:15 -08:00
shuting	600e19b340	fix: clean up URs if the trigger doesn't exist (#9355 ) * clean up URs if trigger is not present Signed-off-by: ShutingZhao <shuting@nirmata.com> * add chainsaw tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * increase timeout Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: clarify user variables failure Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-01-09 10:30:31 +01:00
Mariam Fahmy	e1a26f8eed	fix PSA chainsaw tests (#9341 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-05 08:57:40 +08:00
Mariam Fahmy	f8c5571ddc	fix: remove the check of exclude in VAPs (#9331 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-03 17:37:30 +00:00
Mariam Fahmy	25a6cd97e0	fix a chainsaw test (#9332 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-03 19:22:16 +08:00
Khaled Emara	3d985872df	Add Chainsaw Test for Conditional Anchor (#9295 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2023-12-28 12:15:06 +00:00
Gurmannat Sohal	6902a2b092	Unit tests for Pod Security Admission Integrations (#8585 ) * feat: enable field-restricted exclusions using the psa Signed-off-by: Liang Deng <283304489@qq.com> * fix ci error Signed-off-by: Liang Deng <283304489@qq.com> * fix ci error Signed-off-by: Liang Deng <283304489@qq.com> * initial unit tests * Add all remaining unit tests Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fine grain unit tests by adding fields and values * add detailed pod level exclusion and related tests * add tests for init & ephemeral containers * add kuttl tests for the new advanced support * add kuttl tests for the new advanced support * add readme for kuttl tests * add replacement in go.mod * resolving CI errors Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix ci errors Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix ci errors Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * updating pod-security-admissio Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * resolving null pointer panic Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * resolved conformance error Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chainsaw Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * remove duplication Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix linting Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * remove over computation Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * added field checks, pss skip condition Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * correcting chainsaw tests Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * merge branch 'main' into unit-tests Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix builds Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Liang Deng <283304489@qq.com> Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> Signed-off-by: shuting <shuting@nirmata.com> Signed-off-by: Gurmannat Sohal <95538438+itsgurmannatsohal@users.noreply.github.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Liang Deng <283304489@qq.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-12-26 22:28:08 +08:00
Charles-Edouard Brétéché	2b5aef75f1	feat: add cleanup policies v2 (#9261 ) * feat: add cleanup policies v2 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-12-22 20:43:27 +02:00
Mariam Fahmy	b61a1f3d18	fix: set v2beta1 of exceptions the storage version (#9254 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2023-12-22 10:13:58 +00:00
Mariam Fahmy	af0ff92ca3	fix: remove unused file in a test (#9240 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2023-12-21 11:49:57 +00:00
shuting	85e0d9b836	fix mutate existing force reconciliation (#9230 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2023-12-20 16:29:37 +00:00
Mariam Fahmy	fe8f8faa8b	fix: add chainsaw test for mutate existing (#9210 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2023-12-19 18:15:34 +00:00
Mariam Fahmy	8e0a7aa204	feat: promote policy exceptions to v2 (#9208 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2023-12-19 10:43:39 +00:00

... 2 3 4 5 6 ...

477 commits